Python library for SPIFFE support

Reason this release was yanked:

Breaking changes were released under a patch version. Use spiffe 0.3.0 instead

Project description

spiffe package

Overview

The spiffe package, part of the py-spiffe library, provides SPIFFE support and essential tools for interacting with the SPIFFE Workload API. It simplifies the management and validation of SPIFFE identities, supporting X509-SVIDs, JWT-SVIDs, and X.509 CA and JWKS Bundles.

Features

  • Automatic Management of SPIFFE Identities: Streamlines fetching, renewing, and validation of X.509 and JWT SVIDs.
  • Seamless Integration with SPIFFE Workload API: Facilitates communication with SPIRE or other SPIFFE Workload API compliant systems.
  • Continuous Update Handling: Automatically receives and applies updates for SVIDs and bundles, ensuring your application always uses valid certificates.

Prerequisites

  • A running instance of SPIRE or another SPIFFE Workload API implementation.
  • The SPIFFE_ENDPOINT_SOCKET environment variable set to the address of the Workload API (e.g., unix:///tmp/spire-agent/public/api.sock), or provided programmatically.
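
A malformed address, such as a unix URI with two slashes instead of three, parses as a host rather than a socket path, so it is worth validating the value before the first Workload API call. The validator below is an added example, not part of py-spiffe; it assumes the address rules of the SPIFFE Workload Endpoint specification (unix: absolute path and no authority; tcp: literal IP address and port), and the names parse_endpoint_socket, endpoint_from_env and EndpointSocketError are hypothetical.

```python
import ipaddress
import os
from urllib.parse import urlsplit

ENV_VAR = "SPIFFE_ENDPOINT_SOCKET"  # variable named in the prerequisites above


class EndpointSocketError(ValueError):
    """Malformed Workload API address (hypothetical name, not from py-spiffe)."""


def parse_endpoint_socket(value):
    """Return ("unix", path) or ("tcp", (ip, port)); raise on anything else."""
    try:
        parts = urlsplit(value or "")
        port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    except ValueError as exc:
        raise EndpointSocketError(f"not a valid URI: {exc}") from exc
    if parts.query or parts.fragment or parts.username or parts.password:
        raise EndpointSocketError("query, fragment and user info are not allowed")
    if parts.scheme == "unix":
        # unix:///abs/path: empty authority, absolute path to the socket
        if parts.netloc:
            raise EndpointSocketError("unix address must not set an authority")
        if not parts.path.startswith("/") or parts.path == "/":
            raise EndpointSocketError("unix address needs an absolute socket path")
        return ("unix", parts.path)
    if parts.scheme == "tcp":
        # tcp://ip:port: literal IP (no DNS name), explicit port, no path
        if parts.path:
            raise EndpointSocketError("tcp address must not include a path")
        if not port:
            raise EndpointSocketError("tcp address must include a port")
        try:
            ip = ipaddress.ip_address(parts.hostname or "")
        except ValueError as exc:
            raise EndpointSocketError("tcp host must be an IP address") from exc
        return ("tcp", (str(ip), port))
    raise EndpointSocketError("scheme must be unix or tcp")


def endpoint_from_env(environ=os.environ):
    """Validate the configured address before any Workload API call is made."""
    if ENV_VAR not in environ:
        raise EndpointSocketError(f"{ENV_VAR} is not set")
    return parse_endpoint_socket(environ[ENV_VAR])
```
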

Usage

Below are examples demonstrating the core functionalities of the spiffe package.

WorkloadApiClient

from spiffe import WorkloadApiClient

# Fetch X.509 and JWT SVIDs
with WorkloadApiClient() as client:
    x509_svid = client.fetch_x509_svid()
    print(f'SPIFFE ID: {x509_svid.spiffe_id}')

    jwt_svid = client.fetch_jwt_svid(audience={"test"})
    print(f'SPIFFE ID: {jwt_svid.spiffe_id}')

By default, blocking Workload API calls wait without a deadline. To avoid indefinitely blocking a calling thread when the Workload API is unresponsive, set default_timeout on the client or pass a per-call timeout in seconds:

with WorkloadApiClient(default_timeout=5.0) as client:
    jwt_svid = client.fetch_jwt_svid(audience={"test"})
    jwt_svid = client.fetch_jwt_svid(audience={"test"}, timeout=1.0)

Per-call timeouts override default_timeout. Deadline expiry is reported as the SPIFFE-specific error for the call, such as FetchJwtSvidError. Timeouts do not apply to long-lived streaming methods.

X509Source

from spiffe import X509Source

# Automatically manage X.509 SVIDs and CA bundles
with X509Source() as source:
    x509_svid = source.svid
    print(f'SPIFFE ID: {x509_svid.spiffe_id}')

JwtSource

from spiffe import JwtSource

# Manage and validate JWT SVIDs and JWKS bundles
with JwtSource() as source:
    jwt_svid = source.fetch_svid(audience={'test'})
    print(f'SPIFFE ID: {jwt_svid.spiffe_id}')
    print(f'Token: {jwt_svid.token}')

Contributing

We welcome contributions to the spiffe package! Please see our contribution guidelines for more details. For feedback and issues, please submit them through the GitHub issue tracker.

Download files

Source Distribution

spiffe-0.2.10.tar.gz (41.0 kB)

Uploaded Source

Built Distribution

spiffe-0.2.10-py3-none-any.whl (59.2 kB)

Uploaded Python 3

File details

Details for the file spiffe-0.2.10.tar.gz.

File metadata

  • Download URL: spiffe-0.2.10.tar.gz
  • Upload date:
  • Size: 41.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.19 {"installer":{"name":"uv","version":"0.11.19","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for spiffe-0.2.10.tar.gz
Algorithm Hash digest
SHA256 08c0a6c8280fa278c91d001579b20ce3ed0464f9fe541fbc3c8d11ba2d60e2c5
MD5 9ec0b28517284d88d374b55443d4ca7d
BLAKE2b-256 46935fb0d0f0925b118a86e662af037bd2959907b7fa294306923d0a845a9ca2

File details

Details for the file spiffe-0.2.10-py3-none-any.whl.

File metadata

  • Download URL: spiffe-0.2.10-py3-none-any.whl
  • Upload date:
  • Size: 59.2 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: uv/0.11.19 {"installer":{"name":"uv","version":"0.11.19","subcommand":["publish"]},"python":null,"implementation":{"name":null,"version":null},"distro":{"name":"Ubuntu","version":"24.04","id":"noble","libc":null},"system":{"name":null,"release":null},"cpu":null,"openssl_version":null,"setuptools_version":null,"rustc_version":null,"ci":true}

File hashes

Hashes for spiffe-0.2.10-py3-none-any.whl
Algorithm Hash digest
SHA256 6f2bb9525fc865d978a4ed3cb68783ee69dd0a8f1f0f8c0c75b1e036586c0aa0
MD5 6b6a1bb2c6cfa8972d7e9c1787a51e6f
BLAKE2b-256 4da8e392fa74c0a67e564713a38b85bbeb5ed39960acdc02485d0518e879c070
